An ID validation and fraud prevention startup has developed what it claims is the first and only truly anonymous peer-to-peer verification network that enables companies to work together to validate identities without sharing or exposing any personal customer data. Identiq uses cryptographic algorithms to anonymously compare new user data against identities already trusted by other network members while preserving customer privacy, the company said. It was named a Gartner “Cool Vendor” for privacy.
Neither blockchain or artificial intelligence are used—only cryptography, said Uri Arad, co-founder and vice president of product. So far, he said, over 20 companies in retail, ridesharing, travel, gaming, and social networking have expressed interest in joining the network when it launches this quarter.
Member B2C companies “can validate their users by working together as a network to ask questions about people and data points they don’t know” and vouch for them as trustworthy users, explained Identiq Chief Marketing Officer Shmuli Goldberg.
He added that no data is ever shared among network members or with Identiq. “This is in direct contrast with how this industry has been running” for over 20 years, Goldberg said, noting that Equifax and other credit bureaus collect and allow a company to validate a consumer’s data against what they have in their databases.
“We are posing the exact opposite [model] and we believe, and our tech has shown, we can create a better user experience trying to validate user identities without sharing any data whatsoever,” he said.
SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)
The technology can sniff out fraudsters and verify identity without relying on the usual methods of checking against third-party data providers, Goldberg said. It does it without sharing or storing any information at all, thus eliminating ID theft and personal information sprawl, he said.
After spending several years at PayPal managing risk analysts and data scientists, Arad said, he came to the realization that even very large companies “struggle to manage risk when it comes to new customers or any information they have not seen before,” and that “this is what fraudsters are taking advantage of.”
If new information is coming in when a person opens an account online, he said. “there’s nothing for you to say this looks suspicious. The only way companies are able to make any progress in this area is by going to external data vendors and asking them what they think,” he said.
Establishing a network of trust
The idea is to make it easy for companies to identify who their new customers are through a “network of trust,” he said. They can do that without sharing the customer’s personal information, he said.
“We looked into a branch of cryptography called multi-party computation, which is over 30 to 40 years old,” Arad said. “This branch deals with the question of how multiple parties can calculate some function together without revealing their own individual inputs.”
For example, if you were conducting an online auction, every participant can make a bid and multi-party computation can allow the participants to find out who the winner is without revealing individual bids, he said.
Another example would be in a ride sharing scenario–it’s very important to validate the identity of both the driver and the riders for the safety of both, said Goldberg.
“Instead of building a large database to solve identity, we are the first company that says we don’t want your data—we see no data, we buy/sell/share no data,” he stressed. “That’s the inverse of the model of the vast majority of solutions on the market today.”
Multi-party computation allows parties to make sure they both have the same phone number or more sensitive information like credit card data “without me having to tell you what I have and vice versa,” Goldberg said.
Since it is a provider-less technology company, Identiq’s revenue model will be to take a small portion of what people pay to use the network, he said.